Telecommunications Security, Engineering, and Services is an element of
the Architecture, Standards and
Engineering Group, (HR-43), Office
of Information Management, (HR-4). The Telecommunications Security program
is primarily responsible for developing, implementing, and issuing policy
relating to Communications Security (COMSEC), Cryptographic/COMSEC Access,
Emissions Security (TEMPEST), Protected Transmission Systems, Tamper Indicating
Prismatic Seals, Public Key Cryptography and Deviations within the Department.
Once policy has been issued to the appropriate field members throughout the
Department, it is crucial for HR-43 to continuously review national policy
to ensure compliance at the Department level. In addition, HR-43 conducts
COMSEC audits and cryptofacility surveys, TEMPEST RED/BLACK inspections,
TEMPEST advice and assistance visits, training workshops, and provides PDS
oversight within the Department to ensure that these programs are maintained
in accordance with national policy.

What's NEW!!!

Information Management (IM) Program Order

The Information Management (IM) Program Order, 200.1, replaces many extremely
detailed Orders with a single Order that takes a broad, high level view of
the significance of information management within the Department of Energy
community. This Order was developed with consideration for the following
goals:

Achievement of the information managment vision;

Realization of the new Department of Energy culture of performance based
and results based policy; and

Successful implementation of the Information Technology Reform Act of 1996.

DOE O. 200.1 can be accessed at the
DOE Directives
website provided by the Los Alamos National Laboratory.

Communications Security (COMSEC) Program

HR-43 is responsible for managing the operation and maintenance of the Department
wide Communications Security (COMSEC) program. Communications Security is
primarily related to Message Center Operation, but is equally applicable
to all other forms of communications protection, such as encryption and
decryption of voice communications, data facsimile, television, and control
signals. HR-43 conducts biennial communications security audits and
cryptofacility surveys of all Department of Energy COMSEC accounts.

To keep the field up to date with policy relating to COMSEC, it is also HR-43's
responsibility to develop and conduct training and workshops for all COMSEC
personnel. COMSEC account personnel should attend the COMSEC Workshop once
every four years to ensure they have updated information and skills to perform
their duties. These workshops are offered at different locations within the
Department of Energy. They comprise three and a half days of intensive hands
on work documenting the receipt, transfer and destruction of COMSEC material.
This workshop also includes an up to date threat briefing from the Office
of Counterintelligence and current briefings from the National Security Agency
(NSA). This workshop is a classified workshop; therefore, it is attended
by invitation only.

Cryptographic/COMSEC Access Program

The DOE Cryptographic/COMSEC Accesss Program is based on and established
in accordance with national policy. This national policy requires that a
formal access program be maintained to control the access to certain
cryptographic/COMSEC information. DOE's access program is explained in full
detail in the Telecommunications Security Manual.

Emissions Security (TEMPEST) Program

The DOE Emissions Security (TEMPEST) Program is based upon coordination and
policy formulated by the National Security Agency (NSA). All DOE and DOE
contractor facilities that process classified information are required to
determine the TEMPEST vulnerability of the information and what countermeasures
shall be applied based on the threat. One of HR-43's primary responsibilities
is to serve as the Certified TEMPEST Technical Authority (CTTA) over the
entire DOE TEMPEST program. HR-43 conducts TEMPEST inspections on a biennial
basis of the most sensitive Department of Energy facilities to ensure adequate
protection measures have been implemented and are maintained. HR-433 also
develops and conducts training on an as needed basis and a workshop for all
TEMPEST personnel to attend annually.

The Telecommunictaions Security Workshop that HR-43 provides to all TEMPEST
personnel is a Department of Energy wide workshop. This workshop is intended
for DOE TEMPEST coordinators and others whose duties require protection of
classified or sensitive unclassified information during transmission. The
first day of the three day workshop is dedicated to training TEMPEST
Coordinators. The next two days are presentations ranging from discussions
of PKI to threat briefings on signal intelligence. The workshop also includes
a threat briefing from the Office of Counterintelligence (CI). This workshop
is a classified workshop; therefore, it is attended by invitation only.

Protected Transmission Systems

Within the Department of Energy, there are two approved methods for protecting
classified information in transmission. The first is encryption, which is
outlined in the COMSEC program, and the other is a protected transmission
system. A protected transmission system is an approved wireline that has
adequate physical and emanations security to allow the unencrypted transmission
of classified information. The guidelines for a protected transmission system
are disemminated by the National Security Agency (NSA) and are used as the
basis for the DOE Protected Distribution System (PDS) and Classified Distributive
Information Network (CDIN).

Within DOE, a PDS is only used when very sensitive information must be
transmitted through an uncontrolled area. If the physical controls are adequate,
the use of a PDS is not required. A CDIN may be used in those areas that
have been evaluated as meeting certain criteria for physical, electromagnetic,
and accoustical control. HR-43 conducts a program review of protected systems
every three years. PDS and CDIN are explained in full detail in the DOE
Telecommunications Security Manual.

Tamper Indicating Prismatic Seals

The Tamper Indicating Prismatic Seals (TIPS) program entails the procurement,
installation, and accountability of special seals used for securing protected
transmission systems. These seals can be used in certain situations in lieu
of welding and epoxy.

Transmission Security

The Transmission Security program provides guidance in controlling compromising
emanations in classified processors and wirelines not covered under the TEMPEST
program. The implementation of this criteria will provide a low cost framework
for the secure installation and continued control of classified wirelines
to prevent inadvertent exposure to the information by uncleared personnel.

Public Key Infrastructure (PKI)

The use of public key cryptography for the protection of sensitive unclassified
(SU) information is under the purview of the COMSEC program.

The implementation of public key cryptography will allow the Department to
proceed on a path of greater reliance on digital signatures for electronic
commerce, access control, and with encryption capabilities, secure message
transmittals.

The infrastructure to support public key cryptography is being developed
by working groups throughout the Department of Energy. These working groups
will provide feedback to the DOE PKI Steering Committee with technical, legal,
and policy recommendations. The DOE PKI must comply with all laws and federal
requirements, be compatible with developing Federal PKI, and meet the needs
of the diverse DOE complex that interacts with vendors, academia, and partners.
Click here to
see more about these working groups.

The DOE PKI chapter of the Telecommunications Security Manual will outline
the roles, responsibilities and procedures for issuing, maintaining, protecting
and revoking certificates.

Deviations

Deviations covers definitions and processes for the criteria covered in all
of the programs mentioned. The use of deviations for the programs listed
should be a last resort. HR-433 will assist in developing resolutions to
noncompliance without the use of deviations, if possible. Waivers and Exceptions
require HR-43 approval and are unlikely.

This page was created on 2/7/97.
It was last updated on 8/19/97 at 11:00 a.m..
To see our dislcaimer, please click
here.

Please send any questions or comments to Sharon L. Shank of the Architecture,
Standards and Engineering Group, Office of Information Management, at
Sharon.Shank@hq.doe.gov or by
telephone at (301) 903-3047.